Thats what i was looking for not if you were going to patch it! If they were!<br><br><div><span class="gmail_quote">On 2/5/07, <b class="gmail_sendername">Ben Bucksch</b> <<a href="mailto:news@bucksch.org">news@bucksch.org
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">No, we never patch bugs. Where would this lead us? Only commies taking over!
<br><br>Tracked in bug 369390.<br><br>James Matthews wrote:<br>> Do you think it will be patched??<br>><br>> On 2/5/07, *Michal Zalewski* <<a href="mailto:lcamtuf@dione.ids.pl">lcamtuf@dione.ids.pl</a><br>> <mailto:
<a href="mailto:lcamtuf@dione.ids.pl">lcamtuf@dione.ids.pl</a>>> wrote:<br>><br>> On Mon, 5 Feb 2007, pdp (architect) wrote:<br>><br>> > You may as well use a QuickTime .mov/.qtl or a PDF document to
<br>> open a<br>> > file:// link . I think it is easier.<br>><br>> Sure. You can probably have a file:// link in Open Office / MS Office<br>> documents as well; but these all rely on external components, and
<br>> as such,<br>> attacks could be shrugged off as a weakness in these apps (and there's<br>> some truth to this).<br>><br>> Browser authors know better, and they disallow file:// URLs from the
<br>> Internet ever since Javascript became so powerful; this case<br>> managed to<br>> slip through, so I thought it's a neat example, in conjunction with<br>> deterministic temporary files.
<br>><br>> /mz<br>><br>> _______________________________________________<br>> Full-Disclosure - We believe in it.<br>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>> Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br>><br>><br>><br>><br>> --<br>> <a href="http://www.goldwatches.com">
http://www.goldwatches.com</a><br>> <a href="http://www.wazoozle.com">http://www.wazoozle.com</a><br>> ------------------------------------------------------------------------<br>><br>> _______________________________________________
<br>> Full-Disclosure - We believe in it.<br>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>> Hosted and sponsored by Secunia -
<a href="http://secunia.com/">http://secunia.com/</a><br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com">
http://www.goldwatches.com</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com</a>